Fig. 25A, flowchart 3600A (continued):
3615A: The security device maps the storage location in the transaction request according to the address mapping of the storage device.
3620A: The security device provides the transaction request to the storage device.
3625A: The storage device performs the requested transaction.
Fig. 25B, flowchart 3600B:
3605B: A crypto-processor receives a transaction request for a memory location associated with a memory connected to the crypto-processor.
3610B: The crypto-processor provides access control for the memory.
3615B: The crypto-processor maps the memory location in the transaction request according to the address mapping of the memory.
3620B: The crypto-processor provides the transaction request to the memory.
3625B: The memory performs the requested transaction.
Fig. 26, flowchart labelled 3610A:
3705: The security device determines if a lock is in place for the storage location.
3715: The security device provides a challenge in response to the transaction request for the storage location associated with a storage device connected to the security device.
3720: The security device receives a response to the challenge.
3725: The security device evaluates the response by comparing the response to an expected response.
3735: On the "yes" branch of 3725 (the response matches), the security device provides the transaction request to the storage device; otherwise the flow ends.
Fig. 27:
3805: Store a secret in a storage device (e.g. a memory).
3810: Store data in the storage device.
3815: Store code in the storage device.
3820: Read the secret from the storage device (e.g. at boot time).
3825: Store the secret in a secure location (e.g. in SMM space).
3830: Read the code from the storage device.
3835: Store the code in the secure location.
3840: Lock a lock to secure the storage device.
3845: Read data from the storage device.
3850: Submit the secret or an indication thereof to the storage device.
3855: Use the code to submit the secret (or the indication) to the storage device.
3860: Unlock the lock securing the storage device.

Strongin & Gulick / TT3758, sheet 51/73

Fig. 28 (Prior Art), flowchart 3900:
3905: A requestor makes an access request.
3910: A gatekeeper receives the access request and provides a challenge to the requestor to authenticate the requestor's authority to make the access request.
3915: The requestor receives the challenge and provides a response to the challenge to authenticate the requestor's authority to make the access request.
3920: The gatekeeper receives the response to the challenge and compares the response to an expected response.
3930: The gatekeeper approves the access request.

Sheets 52/73 to 54/73. Figs. 29A to 29E, block diagrams 4000A, 4000B and 4000E. The drawing layout is not preserved; the component labels, read in sheet order, are:
Fig. 29A (4000A): south bridge 330D; RNG 455; security hardware 370; GUID table 4098; secret 4095; LPC BIL 134D; USB interface logic 134C; LPC bus 118; super I/O 120; KB 4019; GUID 4099C; biometric device 4020; GUID 4099A; secret 4095; USB hub 4015; GUID 4099B; smart card reader 4025; GUID 4099D; secret 4095.
Figs. 29B and 29C: processor 805E; GUID 4099E; secret 4095; memory 4006; DIMM 4060A; GUID 4099H; DIMM 4060B; GUID 4099J; DIMM 4060C; GUID 4099K; secret 4095.
Fig. 29D (4000B): processor 805; local bus 808; north bridge 810; GUID 4099F; PCI 110; AGP 4008; secret 4095.
Fig. 29E (4000E): memory 4006 with system GUID 4085, logic 4080, GUID 4099N and bit 4090; processor 805 with system GUID 4085, bit 4090, GUID 4099P and logic 4080; north bridge 810 with logic 4080, GUID 4099F, system GUID 4085 and bit 4090; device 4035 with system GUID 4085, logic 4080, GUID 4099M and bit 4090; south bridge 330E with security hardware 370, GUID table 4098 and system GUID 4085; crypto-processor 305 with system GUID 4085, logic 4080, GUID 4099L and bit 4090.

Sheet 55/73. Fig. 30A, flowchart 4100A:
4110: A biometric data transaction is requested involving a biometric device.
4115: A nonce or random number is provided to the biometric device.
4120A: The biometric device responds to the data transaction request with the requested biometric data and the result of a hash using a secret and the nonce or random number.
4125A: The result of the hash using the secret and the nonce or random number is compared to an expected value for the result of the hash.
4135: If the comparison fails, reject the transmitted biometric data.
4140: If the comparison succeeds (yes), accept the transmitted biometric data as the requested biometric data.
Fig. 30B, flowchart 4100B:
4110: A biometric data transaction is requested involving a biometric device.
4115: A nonce or random number is provided to the biometric device.
4120B: The biometric device responds to the data transaction request with the requested biometric data in encrypted form and the result of a hash using a secret and the nonce or random number.
4125B: The result of the hash using the secret and the nonce or random number is compared to an expected value for the result of the hash.
4135: If the comparison fails (no), reject the transmitted biometric data.
4140: If the comparison succeeds (yes), accept the transmitted biometric data as the requested biometric data.
Fig. 31A, flowchart 4200A:
4205: A master device in the computer system establishes a secret with a device in the computer system during a trusted set-up.
4210: A data transaction is requested involving the device in the computer system that knows the secret.
4215: A nonce or random number is provided to the device in the computer system that knows the secret.
4220A: The device responds to the data transaction request with either the requested data and a result of a hash using the secret and the nonce or random number, or the result of the hash alone.
4225: The result of the hash using the secret and the nonce or random number is compared to an expected value for the result of the hash.
4235: If the comparison fails (no), reject the transmitted data or do not send the data.
4240A: If the comparison succeeds, accept the transmitted data as the requested data or send the data.
Fig. 31B:
4205: A master device in the computer system establishes a secret with a device in the computer system during a trusted set-up.
4210: A data transaction is requested involving the device in the computer system that knows the secret.
4215: A nonce or random number is provided to the device in the computer system that knows the secret.
4220B: The device responds to the data transaction request by either encrypting the requested data using the secret and the nonce or random number and transmitting the encrypted data and a result of a hash using the secret and the nonce or random number, or transmitting the result of the hash alone.
4225: The result of the hash using the secret and the nonce or random number is compared to an expected value for the result of the hash.
4235: If the comparison fails, reject the transmitted data or do not send the data.
4240B: If the comparison succeeds, accept the transmitted data as the requested data, or encrypt using the secret and the nonce or random number and send the encrypted data.
Fig. 32A:
4305: A master device in the computer system reads the GUID for a device in the computer system and records the GUID in a GUID table during a trusted set-up.
4310: A data transaction is requested involving the device in the computer system with the known GUID.
4315: A nonce or random number is provided to the device in the computer system with the known GUID.
4320A: The device responds to the data transaction request with the requested data and a result of a hash using the GUID and the nonce or random number, or with the result of the hash alone.
4325: The result of the hash using the GUID and the nonce or random number is compared to an expected value for the result of the hash.
4335: If the comparison fails (no), reject the transmitted data or do not send the data.
4340A: If the comparison succeeds (yes), accept the transmitted data as the requested data or send the data.

Sheet 60/73. Fig. 32B, flowchart 4300B:
4305: A master device in the computer system reads the GUID for a device in the computer system and records the GUID in a GUID table during a trusted set-up.
4310: A data transaction is requested involving the device in the computer system with the known GUID.
4315: A nonce or random number is provided to the device in the computer system with the known GUID.
4320B: The device responds to the data transaction request by encrypting the requested data using the GUID and the nonce or random number and transmitting the encrypted data and a result of a hash using the GUID and the nonce or random number, or by transmitting the result of the hash alone.
4325: The result of the hash using the GUID and the nonce or random number is compared to an expected value for the result of the hash.
4335: If the comparison fails (no), reject the transmitted data or do not send the data.
4340B: If the comparison succeeds (yes), accept the transmitted data as the requested data, or encrypt using the GUID and the nonce and send the encrypted data.
Fig. 32C, flowchart 4300C:
4306: A master device in the computer system reads the GUID for a device in the computer system, records the GUID in a GUID table, and transmits a secret to the device during a trusted set-up.
4311: A data transaction is requested involving the device in the computer system with the known GUID that knows the secret.
4316: A nonce or random number is provided to the device in the computer system with the known GUID that knows the secret.
4320C: The device responds to the data transaction request by encrypting the requested data using the secret, the GUID, and the nonce or random number and transmitting the encrypted data and a result of a hash using the secret, the GUID, and the nonce or random number, or by transmitting the result of the hash alone.
4326: The result of the hash using the secret, the GUID, and the nonce or random number is compared to an expected value for the result of the hash.
4335: If the comparison fails, reject the transmitted data or do not send the data.
4340C: If the comparison succeeds (yes), accept the transmitted data as the requested data, or encrypt using the secret, the GUID, and the nonce and send the encrypted data.
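As an added illustration of the nonce-and-hash exchange in Figs. 26 and 30A to 32C (example code written for this page; the patent figures contain no code): the master issues a fresh nonce, the device answers with the data and a hash over the secret, its GUID and the nonce, and the master compares that hash with the expected value before accepting the data. The HMAC-SHA256 tag, the counter-mode keystream standing in for the "encrypted form" of the data, and every name and value below are assumptions of this example. It follows the Fig. 32C variant, which mixes the trusted-set-up secret into the hash alongside the GUID; a GUID is an identifier rather than a secret, so it is the secret that turns the hash into a proof of identity, and the fresh nonce is what stops a captured response from being accepted a second time.

```python
import hashlib
import hmac
import secrets

# Constructed example values (not from the patent): the secret models one shared at
# trusted set-up (4205/4306), the GUID one recorded in the master's GUID table (4305).
DEVICE_GUID = b"GUID-4099-EXAMPLE"
DEVICE_SECRET = b"constructed-device-secret"
DEVICE_DATA = b"constructed-biometric-template-bytes"


def hash_result(secret, guid, nonce):
    """The 'result of a hash using the secret, the GUID and the nonce' (4320C).
    Assumed construction: HMAC-SHA256 keyed with secret || GUID over the nonce."""
    return hmac.new(secret + guid, nonce, hashlib.sha256).digest()


def keystream(secret, guid, nonce, length):
    """Assumed construction for 'encrypt using the secret, the GUID and the nonce':
    SHA-256 in counter mode; the fresh nonce keeps the keystream unique per transaction."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(secret + guid + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Device:
    """The responding device: answers a nonce with data (or encrypted data) plus the hash."""

    def __init__(self, guid, secret, data):
        self.guid, self.secret, self.data = guid, secret, data

    def respond(self, nonce, encrypt):  # 4320A (in the clear) or 4320C (encrypted)
        payload = self.data
        if encrypt:
            payload = xor_bytes(payload, keystream(self.secret, self.guid, nonce, len(payload)))
        return payload, hash_result(self.secret, self.guid, nonce)


class Master:
    """The master device: owns the GUID table and checks every response (4325/4326)."""

    def __init__(self, guid_table):
        self.guid_table = guid_table  # GUID -> secret, filled during trusted set-up

    def new_nonce(self):
        return secrets.token_bytes(16)  # 4315/4316: a fresh nonce for every transaction

    def check(self, guid, nonce, payload, tag, encrypted):
        """Returns the accepted data (4340) or None when the response is rejected (4335)."""
        secret = self.guid_table.get(guid)
        if secret is None:
            return None  # this GUID was never recorded at set-up
        if not hmac.compare_digest(tag, hash_result(secret, guid, nonce)):
            return None  # hash does not match the expected value
        if encrypted:
            payload = xor_bytes(payload, keystream(secret, guid, nonce, len(payload)))
        return payload

    def transact(self, device, encrypt=False):
        nonce = self.new_nonce()
        payload, tag = device.respond(nonce, encrypt)
        return self.check(device.guid, nonce, payload, tag, encrypt)


def demo():
    """Genuine device accepted (clear and encrypted); impostor and replay rejected."""
    master = Master({DEVICE_GUID: DEVICE_SECRET})
    genuine = Device(DEVICE_GUID, DEVICE_SECRET, DEVICE_DATA)
    impostor = Device(DEVICE_GUID, b"wrong-secret", b"forged-data")
    plain = master.transact(genuine)
    encrypted = master.transact(genuine, encrypt=True)
    forged = master.transact(impostor)
    # Replay: a response captured under an old nonce is presented against a new nonce.
    old_nonce = master.new_nonce()
    old_payload, old_tag = genuine.respond(old_nonce, False)
    replayed = master.check(DEVICE_GUID, master.new_nonce(), old_payload, old_tag, False)
    return plain, encrypted, forged, replayed
```

`demo()` returns the accepted data for both genuine transactions and `None` for the forged and replayed ones; the constant-time `hmac.compare_digest` is used for the 4325/4326 comparison so that a wrong tag is rejected without leaking how many bytes matched.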
Fig. 33, flowchart 4400:
4405: A master device in the computer system reads the GUID for a device in the computer system and records the GUID in a GUID table during a trusted set-up.
4410: The device may receive a system GUID from the master device and store the system GUID.
4415: The device sets an introduced bit in response to joining the computer system.
4420: The device receives a transaction request from the computer system and checks if its introduced bit is set.
4430: If the bit is not set (no), the device does not fulfill the transaction request or does not respond to the transaction request.
4435: If the bit is set (yes), the device may request authentication from the computer system using a secret (e.g. the GUID and/or the system GUID) before responding to the transaction request; a failed authentication (no) also leads to 4430.
4445: The device fulfills the transaction request.
Fig. 34, flowchart 4500:
4505: The device or the master device initiates a request for the device to leave the computer system.
4510: The device and the master device authenticate each other using the GUID and/or the system GUID in response to the request for the device to leave the computer system.
4515: The device resets the introduced bit in response to the device and the master device successfully authenticating each other.

Fig. 35, flowchart 4600:
4605: The device receives a command for the device to leave the computer system.
4610: The device receives a maintenance key that successfully authenticates.
4615: The device resets the introduced bit in response to the device receiving the maintenance key that successfully authenticates.
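The join, serve and leave lifecycle of Figs. 33 to 35, as an added example (written for this page, not code from the patent): the introduced bit gates every request, the device challenges the requester with a fresh nonce before fulfilling anything, and the bit is cleared only after mutual authentication with the master (Fig. 34) or on a maintenance key that authenticates (Fig. 35). The HMAC-SHA256 proof keyed with GUID || system GUID, the in-memory key/value store, and all identifiers and key values are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed identifiers and keys (not values from the patent).
SYSTEM_GUID = b"SYSTEM-GUID-4085-EXAMPLE"
MAINTENANCE_KEY = b"constructed-maintenance-key"


def prove(guid, system_guid, nonce):
    """Authentication 'using the GUID and/or the system GUID' (4435/4510). Assumed
    construction: HMAC-SHA256 keyed with GUID || system GUID over a fresh nonce."""
    return hmac.new(guid + system_guid, nonce, hashlib.sha256).digest()


class Device:
    def __init__(self, guid, maintenance_key):
        self.guid = guid
        self.maintenance_key = maintenance_key
        self.system_guid = None
        self.introduced = False  # the introduced bit 4090
        self.store = {}

    def join(self, system_guid):
        self.system_guid = system_guid  # 4410: store the system GUID
        self.introduced = True  # 4415: set the introduced bit

    def answer(self, nonce):
        """The device's half of mutual authentication (4510)."""
        return prove(self.guid, self.system_guid, nonce) if self.introduced else b""

    def handle(self, op, key, value=None, proof_fn=None):
        """4420 to 4445: the result, or None when the request is not fulfilled (4430)."""
        if not self.introduced:
            return None  # 4420 -> no: the device is not part of any system
        nonce = secrets.token_bytes(16)  # 4435: challenge the requester first
        expected = prove(self.guid, self.system_guid, nonce)
        if proof_fn is None or not hmac.compare_digest(proof_fn(nonce), expected):
            return None
        if op == "write":
            self.store[key] = value
            return True
        return self.store.get(key)  # 4445: fulfill the request

    def leave(self, nonce, master_proof):
        """Fig. 34: reset the bit only after the master has authenticated (4510/4515)."""
        expected = prove(self.guid, self.system_guid, nonce) if self.introduced else None
        if expected is not None and hmac.compare_digest(master_proof, expected):
            self.introduced = False
            return True
        return False

    def maintenance_leave(self, key):
        """Fig. 35: a maintenance key that authenticates also resets the bit (4610/4615)."""
        if hmac.compare_digest(key, self.maintenance_key):
            self.introduced = False
            return True
        return False


class MasterDevice:
    def __init__(self, system_guid):
        self.system_guid = system_guid
        self.guid_table = set()

    def introduce(self, device):
        self.guid_table.add(device.guid)  # 4405: record the GUID at trusted set-up
        device.join(self.system_guid)

    def request(self, device, op, key, value=None):
        if device.guid not in self.guid_table:
            return None
        return device.handle(op, key, value,
                             proof_fn=lambda n: prove(device.guid, self.system_guid, n))

    def release(self, device):
        """Fig. 34: both sides authenticate, then the device clears its bit."""
        n1 = secrets.token_bytes(16)
        if not hmac.compare_digest(device.answer(n1), prove(device.guid, self.system_guid, n1)):
            return False
        n2 = secrets.token_bytes(16)
        if device.leave(n2, prove(device.guid, self.system_guid, n2)):
            self.guid_table.discard(device.guid)
            return True
        return False


def demo():
    master = MasterDevice(SYSTEM_GUID)
    dev = Device(b"GUID-4099M-EXAMPLE", MAINTENANCE_KEY)
    r = {"before_join": dev.handle("read", "k")}  # None: introduced bit not set
    master.introduce(dev)
    master.request(dev, "write", "k", "v")
    r["after_join"] = master.request(dev, "read", "k")  # "v": fulfilled
    rogue = MasterDevice(b"OTHER-SYSTEM-GUID")  # knows the GUID, not the system GUID
    rogue.guid_table.add(dev.guid)
    r["rogue"] = rogue.request(dev, "read", "k")  # None: 4435 authentication fails
    r["released"] = master.release(dev)  # True: mutual authentication, bit reset
    r["bit_after_release"] = dev.introduced  # False
    dev2 = Device(b"GUID-4099P-EXAMPLE", MAINTENANCE_KEY)
    master.introduce(dev2)
    r["bad_key"] = dev2.maintenance_leave(b"wrong-key")  # False: bit stays set
    r["maintenance"] = dev2.maintenance_leave(MAINTENANCE_KEY)  # True: bit reset
    return r
```

The point the figures make is that membership is a device-side state: a requester that only knows the device's GUID (the `rogue` master) is refused at step 4435, and once the bit is cleared the device again answers nothing until it is introduced afresh.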
Fig. 37, flowchart 4800:
4805: Transmit a master mode signal to bus interface logic connected between master mode logic and a data input device, where the bus interface logic includes a master mode register.
4810: Set a master mode bit in the master mode register(s) to establish a secure transmission channel between the master mode logic and the data input device outside the operating system of the computer system.
4815: The master mode logic and the data input device exchange data outside the operating system of the computer system through the bus interface logic(s) that include the master mode register.
4820: The master mode logic flushes the buffers of the bus interface logic(s) that include the master mode register after concluding the data transmissions.
4825: The master mode logic signals the bus interface logic(s) to unset the master mode bits after flushing the buffers of the bus interface logic(s) that include the master mode register.
Flowchart 4900A: The processor executes BIOS code instructions from SMM space. (Only this box, and the label of flowchart 4900B, are preserved on this page.)
Fig. 40A, flowchart 5100A:
5105: Authenticate a device, a computer subsystem, or a computer system to a computer subsystem, a computer system, or a network security system.
5110: Set a starting value on a timer in response to successfully authenticating.
5115: Update the timer in a periodic fashion.
5125: On the "no" branch of the timer check (the decision box text is not preserved), continue normal operation of the device, the computer subsystem, or the computer system.
5130: On the "yes" branch, re-authenticate the device, the computer subsystem, or the computer system to the computer subsystem, the computer system, or the network security system.
5140: If re-authentication fails (no), shut down until re-authenticated.
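The timer-bounded authorization of Fig. 40A (and the portable-computer variant of flowchart 5100B) as an added example, written for this page and not taken from the patent: a successful authentication loads the timer (5110), every periodic tick counts it down (5115), and when it runs out the device must re-authenticate (5130) or it shuts down until it does (5140). The HMAC-SHA256 challenge, the tick-based timer and the key value are assumptions of this example.

```python
import hashlib
import hmac

# Constructed credential shared with the network security system (not from the patent).
SHARED_KEY = b"constructed-shared-key"


def verify(key, nonce, response):
    """Assumed authentication check (5105/5130): HMAC-SHA256 over the verifier's nonce."""
    return hmac.compare_digest(response, hmac.new(key, nonce, hashlib.sha256).digest())


class TimedAuthorization:
    """Fig. 40A as a state machine: unauthenticated -> running -> (re-auth | shutdown)."""

    def __init__(self, key, window_ticks):
        self.key = key
        self.window = window_ticks  # starting value loaded at 5110
        self.timer = 0
        self.state = "unauthenticated"
        self.counter = 0

    def challenge(self):
        self.counter += 1  # a simple never-repeating nonce for the example
        return self.counter.to_bytes(8, "big")

    def authenticate(self, nonce, response):
        """5105/5130: success reloads the timer and runs; failure shuts down (5140)."""
        if verify(self.key, nonce, response):
            self.timer = self.window
            self.state = "running"
            return True
        self.state = "shutdown"
        return False

    def tick(self, responder=None):
        """5115: one periodic timer update. When the timer runs out, `responder` is
        asked to answer a fresh nonce; a missing or wrong answer shuts the device down."""
        if self.state != "running":
            return self.state  # a shut-down device stays down until re-authenticated
        self.timer -= 1
        if self.timer > 0:
            return self.state  # 5125: continue normal operation
        nonce = self.challenge()
        self.authenticate(nonce, responder(nonce) if responder else b"")
        return self.state

    def operate(self):
        return self.state == "running"


def good_responder(nonce):
    return hmac.new(SHARED_KEY, nonce, hashlib.sha256).digest()


def demo():
    dev = TimedAuthorization(SHARED_KEY, window_ticks=3)
    n = dev.challenge()
    first = dev.authenticate(n, good_responder(n))
    ok_states = [dev.tick(good_responder) for _ in range(3)]  # third tick re-authenticates
    bad_states = [dev.tick(lambda _: b"not-a-valid-answer") for _ in range(3)]
    blocked = dev.operate()  # False: shut down until re-authenticated
    n2 = dev.challenge()
    back = dev.authenticate(n2, good_responder(n2))
    return first, ok_states, bad_states, blocked, back, dev.operate()
```

With a window of three ticks, the third tick with a valid responder silently re-authenticates and the run continues; the third tick with an invalid responder moves the device to `shutdown`, and `operate()` stays false until a fresh authentication succeeds, which is the fail-closed behaviour the flowchart draws as 5140.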




Sheet 71/73. Flowchart 5100B (the figure caption and the rest of the chart are not preserved on this page):
5104: Establish a network connection to a network security system.
5106: Authenticate a portable computer to the network security system, such as during a boot process.
5110: Set a starting value on a timer in response to successfully authenticating.
5115: Update the timer in a periodic fashion.
5126: Continue normal operation of the portable computer (box text partly lost; parallel to 5125 in Fig. 40A).